What’s New – Page 974 – Central New York Business Journal

Get our email updates

Stay up-to-date on the companies, people and issues that impact businesses in Syracuse, Central New York and beyond.

Here are some recent tweets that came across the @cnybj Twitter feed, offering cybersecurity, HR, legal, and small business tips. SBA @SBAgovBe on the alert for email phishing schemes. Reminder: SBA only communicates from email addresses ending in http://sba.gov. Learn how to report suspected fraud: https://sba.gov/fraud iSecurity @iSecurityiSecurity: What is Pretexting? Simple & Effective Social […]

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

Here are some recent tweets that came across the @cnybj Twitter feed, offering cybersecurity, HR, legal, and small business tips.

SBA @SBAgov
Be on the alert for email phishing schemes. Reminder: SBA only communicates from email addresses ending in http://sba.gov. Learn how to report suspected fraud: https://sba.gov/fraud

iSecurity @iSecurity
iSecurity: What is Pretexting? Simple & Effective Social Engineering Attack http://dlvr.it/S2gPCg #CyberSecurity #whatis #cybersecurity

DeepFriedCyber @DeepFriedCyber
How to conquer synthetic identity fraud: http://dlvr.it/S2gP1y #cybersecurity #infosec

Small Business Trends @smallbiztrends
How can you know if your staff is enjoying their work? 10 #smallbiz experts from @YEC share their tips. https://zcu.io/9OxX #management

Mark C. Crowley @MarkCCrowley
One Take On #WFH: “They’re viewing it as a punishment to come back into the office & they should be viewing it as a perk to back in the office, both for social & emotional issues as well as #career growth and income growth.” — Tom Gimbel, CEO of Staffing company, LaSalle Network

Lolly Daskal @LollyDaskal
How to Make Your Employees Feel They Belong — @LollyDaskal: https://bit.ly/374PZKl #Leadership #Management #HR #Success

Prabir Jha @PrabirJha
Welcome & onboarding are #HR processes that many companies work at getting better. And rightly so. But when I probe on how they are improving the exit experience, the process and the feeling, many companies do not have the same energy. It is a pity. This has a more lasting effect.

Barclay Damon LLP @BarclayDamonLLP
“NY Appellate Court Dismisses Claim for Purely Economic Losses Arising From Motor Vehicle Accident” — Learn more in this #torts & #products liability defense alert: https://barclaydamon.com/alerts/ny-appellate-court-dismisses-claim-for-purely-economic-losses-arising-from-motor-vehicle-accident

NFIB @NFIB
NFIB and #smallbiz applaud today’s U.S. Supreme Court decision in TransUnion LLC v. Ramirez. “NFIB is pleased the Supreme Court once again ruled that all plaintiffs need to suffer actual injury to be compensated.” —@NFIBLegal’s Karen Harned. https://nfib.com/content/press-release/homepage/supreme-court-decision-protects-small-businesses-from-possible-frivolous-lawsuits/ #SCOTUS

Hancock Estabrook @HancockLawLLP
Labor & Employment Law Alert: New York State Passes Amendments to the HERO Act https://hancocklaw.com/publications/labor-employment-law-alert-new-york-state-passes-amendments-to-the-hero-act/

New York SBDC @nysbdc
Eligible #SmallBiz in #NYS affected by the COVID-19 pandemic can now apply for grant funding up to $50,000 at http://smallbusinessrecovery.com

TonyBodoh @TonyBodoh
Brave leaders stretch to grow beyond that which they have achieved because they know customers will always want more than they just received. http://TonyBodoh.com #smallbusiness

Recycler Sunnking begins operations at satellite location in Whitesboro

Construction, Design & Real Estate, Employee Benefits & Human Resources, Energy, Environment & Sustainability, New York News, Regional News

WHITESBORO, N.Y. — Recycler Sunnking, Inc. has started operations in a space located at 272 Oriskany Blvd. in Whitesboro. Sunnking, which is headquartered in Brockport

New York’s virtual cybersecurity conference attracts 1,300 attendees

Subscriber Only, Technology

ALBANY, N.Y. — The New York State Office of Information Technology Services (ITS) says the 23rd annual NYS Cyber Security Conference, held June 8-9, attracted more than 1,300 cybersecurity professionals. Those attending the virtual event were part of state and local government, academia, and the private sector. They discussed “emerging developments” in the industry and

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

Those attending the virtual event were part of state and local government, academia, and the private sector. They discussed “emerging developments” in the industry and best practices designed to improve the security of New York State, ITS said in a June 8 news release.

ITS describes the conference as “New York’s premier cyber security event.” The conference sought to focus on New York’s “longstanding commitment” to protect New Yorkers and businesses from cyber threats and improve the safety and security of the State.

ITS hosted the event in partnership with the University at Albany School of Business and the New York State Forum, Inc.

“In this digital age, cyber security is of paramount importance,” Angelo (Tony) Riddick, New York State’s chief information officer, said. “Industry partners at the New York State Cyber Security Conference help us keep pace with the trends in cyber security. We must all work together to keep New York safe from cyber threats.”

The 2021 conference featured more than 50 sessions, many of them including interactive discussions led by subject-matter experts in government and the private sector. FireEye CEO Kevin Mandia, whose company discovered the Solar Winds hack, delivered the opening keynote address.

The University at Albany says the conference is key to broadening the knowledge base of cyber threats and solutions.

“This conference is instrumental in improving awareness of challenges and new developments in the field to a broad audience. Now, more than ever we need to train and educate a new generation of cyber security professionals to protect national secrets and intellectual property from our determined and tenacious adversaries who are constantly probing our defenses for vulnerabilities,” Sanjay Goel of the School of Business at the University at Albany, said. “We are thrilled to cosponsor the premier cyber security event in the Northeast and work towards our collective goal of making New York and our nation safer.”

Mario Musolino, executive director of The NYS Forum, Inc., added, “Every day there are countless cyberattacks, aimed at government, industry and individuals,” “It is important that we understand what is happening and make sure that we are protecting our valuable assets. This conference is a unique opportunity for all of us to learn from each other regardless of our level of expertise.”

State homeland-security grants include funding awards for cybersecurity

Nonprofits, Subscriber Only, Technology

ALBANY, N.Y. — The Town of Geddes, Oswego County, Herkimer County, Cortland County, and Seneca County are among the local governments awarded state grant funding for cybersecurity projects. The program provides funding support for eligible counties, cities, towns, and villages to “enhance” their ability to protect, detect, identify, respond to, and recover from cyber incidents,

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

ALBANY, N.Y. — The Town of Geddes, Oswego County, Herkimer County, Cortland County, and Seneca County are among the local governments awarded state grant funding for cybersecurity projects.

The program provides funding support for eligible counties, cities, towns, and villages to “enhance” their ability to protect, detect, identify, respond to, and recover from cyber incidents, the office of Gov. Andrew Cuomo said in a June 29 news release.

Recipients can use the funding to “mitigate capability gaps” that have been identified through a risk-assessment methodology.

The Town of Geddes, along with Cortland and Oswego counties were awarded $50,000 each. Herkimer County will receive nearly $48,000 and Seneca County was awarded $12,000, per Cuomo’s office.

The grants are part of more than $1.4 million awarded statewide for cybersecurity projects. The cybersecurity grants were among a total of $7.4 million in state funding in homeland-security grants to support New York’s emergency preparations, Cuomo’s office said.

The New York State Division of Homeland Security and Emergency Services manages the targeted grant programs, having previously distributed nearly $82 million through the state homeland-security program.

Altogether, Cuomo’s office announced 76 recipients. The funding supports vital training and equipment for first responders, including specialized law enforcement and fire-emergency response teams. The $7.4 million in funding supports New York’s bomb squads, hazardous-materials teams, explosive-detection canine teams, and technical rescue and urban search and rescue teams. Funds will also help protect and secure critical infrastructure and enhance local governments’ cybersecurity capabilities.

Besides the cybersecurity money, the City of Syracuse, Onondaga County, and the Village of Endicott were each awarded $100,000 in bomb-squad funding. This program helps equip and train the state’s 12 local FBI-accredited bomb squads to locate and prevent potential emergencies caused by improvised explosive devices or IEDs.

“Public safety is our top priority in New York and this funding allows cities, towns, villages and counties to enhance their emergency preparedness capabilities so they can protect New Yorkers from a variety of threats,” Cuomo said. “First responders need high quality resources to do their jobs to the best of their abilities and this funding will ensure they can acquire them. We owe infinite thanks to these teams and anticipate these grants streamlining the work they do to serve our communities.”

The New York State Division of Homeland Security and Emergency Services provides “leadership, coordination and support” for efforts to prevent, protect against, prepare for, respond to, and recover from terrorism and other man-made and natural disasters, threats, fires and other emergencies.

Katko: U.S. must do “better job” of preparing for cyberattacks

Subscriber Only, Technology

U.S. Representative John Katko (R–Camillus) believes that cybersecurity is a pre-eminent national-security issue and government and industry must work together to prevent future attacks. Katko is a ranking member of the House Committee on Homeland Security. On June 9, the Congressman who represents the greater Syracuse area spoke to CNBC’s “Squawk Box” program to preview that day’s

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

U.S. Representative John Katko (R–Camillus) believes that cybersecurity is a pre-eminent national-security issue and government and industry must work together to prevent future attacks.

Katko is a ranking member of the House Committee on Homeland Security. On June 9, the Congressman who represents the greater Syracuse area spoke to CNBC’s “Squawk Box” program to preview that day’s full committee hearing on the Colonial Pipeline ransomware attack. That early-May attack resulted in 5,500 miles of pipeline being shut down, causing large disruptions to gasoline deliveries on the East Coast.

Katko’s office released excerpts from the interview. In it, he noted that the nation’s systems are “vulnerable,” and the U.S. isn’t doing enough to fight back.

“We need to do a much better job in this country of preparing for cyberattacks and anticipating what can happen and be ready for it,” Katko told CNBC, noting that the hearing was intended to make sure people understand what’s at stake.

On the topic of investing in cybersecurity, Katko said best practices are “critically important” in both the private sector and in government.

“Let’s start with the private sector. You need to invest in cybersecurity. That’s going to cost money. We don’t know how much Colonial Pipeline invested in actual cybersecurity, but every company in this nation probably does not invest enough. On the government side, we’ve got to do the same. The Cybersecurity & Infrastructure Security Agency (CISA) is completely overwhelmed trying to deal with ransomware attacks and cyberattacks. Colonial Pipeline is one of the latest in a long line of those. We need to make sure CISA is properly beefed up,” said Katko.

He also discussed preparing for attacks, noting that lawmakers “need to make sure” the Biden Administration and succeeding administrations have cybersecurity infrastructure plans in place so they can anticipate attacks and be ready when critical infrastructure is attacked — “much like we did in the Cold War.”

“We have to have the same type of security plan ready for cyberattacks and ransomware attacks,” Katko said.

In dealing with the perpetrators, Katko told CNBC has what he calls the “five pillars,” and the fifth pillar is “basically whacking the bad guys.” The Colonial Pipeline attack “emanated” from Russia, and Katko said he finds it “very hard to believe” that the Russian government didn’t at least know about the entity involved because it was a “very sophisticated attack.”

In the interview, Katko also discussed following the money.

“Cryptocurrency has been a game changer for the criminal element. I was a federal organized crime prosecutor for 20 years. The hardest thing for criminals to do was to spend their money to hide the money that they made from their illicit activities. I applaud the FBI because they were able to chase the cryptocurrency trail probably for one of the first times on this Colonial Pipeline attack and get that money back. That needs to be the norm, not the exception, and we need to be able to do that going forward,” he said.

Bhalla elected to SRC board of trustees

Manufacturing & Engineering, Regional News, Small Business, Subscriber Only, Technology

CICERO, N.Y. — SRC Inc. announced it has named Rajeev Bhalla to its board of trustees. Bhalla has nearly 20 years of experience in the roles of chief financial officer and controller and is currently an operating partner at Cerberus Operating and Advisory Company. He has led global industrial companies, worked as a trusted advisor,

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

VIEWPOINT: Stopping the Rising Tide of Identity-Theft Cases

Business Mentors, Subscriber Only, Technology

The era of COVID-19 has brought enormous suffering and persistent uncertainty to New Yorkers. Adding to both the financial and psychological pain of the pandemic is a dramatic increase in identity theft during the past year. More than 67,000 complaints of identity theft were reported in New York state during 2020, according to the Federal Trade Commission

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

More than 67,000 complaints of identity theft were reported in New York state during 2020, according to the Federal Trade Commission (FTC). That was a record number, up 85 percent from the previous year and more than four times the figure of a decade earlier.

Whether identity theft involves credit cards, bank accounts, business or personal loans, government benefits, or other types of transactions, it carries significant risk of financial loss to the victim. The U.S. Department of Justice reported $15.1 billion in financial losses nationwide in 2018. Even when there is no direct monetary loss, addressing the consequences of stolen personal information can take months of complicated work with banks, utility companies, medical offices, and others. Sometimes the worst damage comes later, when victims have trouble getting a job, renting an apartment, obtaining a tax benefit, or receiving a loan because of a stolen identity.

New York State has taken numerous steps in recent years to address identity theft, which is punishable by up to seven years in prison, and to require that businesses and state agencies safeguard private personal information. But clearly, more must be done.

Each of us can and should take common-sense steps such as making sure to keep Social Security numbers confidential and being careful to limit use of birth dates and other personal information in online communications — including social media.

Governmental and independent consumer advocates offer a number of other recommendations for individuals.

As policy makers at all levels of government consider additional responses to identity theft, private businesses large and small that collect and maintain personal information must redouble their efforts to safeguard such data. Social-media companies, whose business models rely heavily on personal information, should take steps to promote best practices, such as educating users about ways to keep private information confidential. Working together, we can reverse the rising tide of identity theft.

Thomas P. DiNapoli is the New York State Comptroller. This article is drawn from the executive summary to a report, titled, “The Increasing Threat of Identity Theft,” which his office issued in May. To check out the full report, visit: https://www.osc.state.ny.us/files/reports/pdf/increasing-threat-of-identity-tBheft.pdf

System automation to keep fueling cyberattacks, expert says

Manufacturing & Engineering, Subscriber Only, Technology

ROME, N.Y. — Cyberattacks against critical infrastructure have grown significantly in the last few years and the numbers are likely to continue to rise as more systems are automated and connected to networks. That’s according to Eric Thayer, principal engineer for systems analysis and exploitation at Assured Information Security (AIS), which is based in the

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

That’s according to Eric Thayer, principal engineer for systems analysis and exploitation at Assured Information Security (AIS), which is based in the Griffiss Business & Technology Park in Rome.

“At AIS we regularly analyze the security of complex systems, such as those that may have been supporting the pipeline. We have a team that specializes in identifying weaknesses and hardening safety critical systems,” Thayer said in a May 12 news release.

He was referring to the May 8 shutdown of the main fuel supply line to the U.S. east coast following a cyberattack against Colonial Pipeline.

AIS — a cyber and information-security company serving government and commercial customers that is observing two decades in business — says it understands the importance of the computer systems and networks supporting critical infrastructure, such as a fuel-distribution pipeline, to be evaluated on a regular basis for secure design and implementation.

Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.

“Cyber threats are constantly evolving, and it is important for companies to understand the impact of vulnerabilities before they are discovered and to be prepared with plans in place to mitigate potential threats,” said Thayer. “End to end vulnerability assessments and secure product consulting are services we often encourage our customers to consider. These services help to proactively identify weaknesses before they are exploited and we can build systems securely from the ground up, minimizing potential threats.”

About AIS

As of 2021, AIS has a national footprint with 10 office locations across the country and an additional five customer locations. Locally, it has an office at 250 South Clinton St., in addition to the Rome headquarters. AIS also has an office in Rochester.

Since inception in 2001, the company has completed 337 contracts and is currently fulfilling 45.

AIS has an employee count of 300 as it marks 20 years in operation, per a June 28 news release. Over the past two decades, AIS has been awarded 17 patents and currently has 11 filed.

The AIS “ecosystem” is a collection of separate entities operating under the AIS umbrella, the firm says. In 2016, AIS became majority owner of GreyCastle Security, a provider of risk-assessment, mitigation, and certification-readiness services headquartered in Troy in the Capital Region. This year, AIS supported the founding of AssuredTek, a growing company that provides support and defends business systems, networks, and assets using an array of technology and professional services.

AIS focuses on research, development, consulting, testing, cyber-forensics, remediation, and training. It works with the U.S. Department of Defense (DoD) and has collaborative ties with other defense contractors and more than a dozen universities.

SUNY Poly cybersecurity program places 4th in nationwide ranking

Health Care, Regional News, Subscriber Only, Technology

MARCY, N.Y. — Study.com’s 2021 list of the “Top Bachelor’s Programs in Cyber Security” ranks SUNY Polytechnic Institute’s program fourth nationwide. Dakota State University of Madison, South Dakota tops the list; New England Institute of Technology in East Greenwich, Rhode Island is ranked second; and Oklahoma State University Institute of Technology in Okmulgee, Oklahoma is

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

VIEWPOINT: 1 Thing Most Cyber Breaches Have in Common: Lack of Education

Business Mentors, Subscriber Only, Technology

Cybersecurity breaches are nothing new, but several high-profile cases recently are bringing new attention to a serious and growing problem. Malicious actors are getting more sophisticated in their attempts to subvert systems, using tactics such as spear-phishing to prey upon employees’ willingness and desire to be helpful. The average cost of a breach in the U.S. is

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

The average cost of a breach in the U.S. is $242 per record. Regaining trust and repairing a corporate reputation could add on to that expense significantly.

The fact that this is a growing problem is undeniable. There are a lot of reasons for the rise in cybercrime, including the sudden switch to remote work brought about by the COVID-19 pandemic. But even when employees are in the office, it’s easy to fall for a phishing scam, or leave systems vulnerable due to poor password habits. Here are just a few of the top vulnerabilities:

• Weak passwords — Choosing overly simple or easily guessed passwords is a long-standing risk.

• Unrestricted web browsing — Accessing the web is a modern business tool that can have many advantages, but unrestricted web browsing can lead employees to accessing sites riddled with malware, putting your systems at risk.

• Social-engineering scams — Social-engineering scams capitalize on the desire of employees to be helpful. Some of these scams might even happen over the phone, with scammers posing as coworkers or vendors, tricking your employees into disclosing passwords or bank-account numbers.

• Phishing, spear-phishing, and link scams — Email scams are widespread. Typically, an employee will receive an email that appears to be from a trusted source, such as a bank or vendor website, and will ask an employee to click a link to verify their account information. Once this process is complete, the attacker has access to your private information.

• Poor document control — Unlocked file cabinets, post-it notes that contain the latest passwords to systems, storing sensitive information in easily accessible files, discarded paperwork that remains un-shredded, and even documents left on printers are all examples of weak document security that could compromise your systems.

• Outdated or disabled browser-security software — Without the latest versions of anti-virus software in use on every machine, your office could be vulnerable.

Examining this list, it’s clear that malicious actors have two primary means by which to gain access to your systems: through holes in your technology, or by manipulating your employees. Businesses are aware that this is a problem, yet still can struggle to implement measures that will harden their cybersecurity defenses. Why is there such a disconnect?

Cost is frequently mentioned as a factor in delaying cybersecurity improvements. Although it is true that businesses may have additional IT expenses, especially if they are still using outdated hardware and software, the costs of upgrading systems will likely pale in comparison to the financial and reputational costs of a breach.

The most impactful step companies can take in hardening their cybersecurity defenses is training employees. All breaches share one commonality: educating people can reduce the rate of these attacks.

Cybersecurity training is not a one-time event. Rather, it is ongoing learning that will make the biggest difference. Short, frequent training will have a lasting impact — and, recurrent lessons allow for changes to be made in training, to adapt as malicious actors change their tactics. I’m reminded of Ben Franklin’s quote: “Tell me and I forget, teach me and I may remember, involve me and I learn.”

You’ll need to involve every employee. Each person who has access to email or who uses your computers must be trained — including interns, and all the way up to the CEO. Malicious actors have become very adept at mimicking legitimate websites, and whether it is through a lack of understanding, carelessness, or unfamiliarity with the risks, employees are putting companies at risk.

Training doesn’t have to be expensive. Leaders should look to third parties to conduct training as threats and tactics so quickly evolve. Video training is available at a reasonable dollar amount, and the Center for Internet Security has a list of free resources.

Cybersecurity training is one of the most essential steps you can take to protect your business. If you need help, reach out to your financial institution for recommendations. It, along with organizations such as the Cybersecurity and Infrastructure Security Agency (CISA), the Small Business Administration (SBA), and the Department of Homeland Security (DHS) have resources and help for companies of all sizes.

Terra Carnrike-Granata is senior VP and director of information security at NBT Bank. She is responsible for designing and implementing sophisticated controls to prevent loss and mitigate risk, while also developing innovative ways to educate consumers and businesses on cyber threats — helping to keep companies and consumers protected. For more information, visit www.nbtbank.com/businessfraudinfo.

Get our email updates

Stay up-to-date on the companies, people and issues that impact businesses in Syracuse, Central New York and beyond.

Get our email updates

What's New

Upcoming Events

Project Homecoming Job & Career Fair 2025

Annual Nonprofit Conference 2026

2026 CenterState CEO Economic Forecast Breakfast

CNYBJ Job Board

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get our email updates